[Warning]: Enigma Info stealer | Bitcointalksearch.org

Saisher

full member

Activity: 2324

Merit: 175

Quote from: khaled0111 on February 10, 2023, 06:04:23 PM

Quote from: rat03gopoh on February 10, 2023, 11:38:46 AM

Attacks don't happen automatically (app will be installed after download). Afaik, android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app, then the attack begins.

That's correct, you need to execute the file by double clicking on it so it can download the payload. You need to be very cautious and check the extension of the file before opening it. In this example, it's supposed to be a word text file so it's supposed to end with .doc or .docx not .word.exe

This is the reason why I create another email for communication I received a lot of emails with docs and pdf followed by .exe which is executable, I am educated enough to delete any emails with .exe attachments, they send these emails with very compelling titles on the headers.
The rule of thumb is never to entertain emails coming from an unknown source even if the title is very attractive to open, these hackers are good at marketing their malware, and always watch out for attachments with .exe on it.

khaled0111

legendary

Activity: 2702

Merit: 3045

Top Crypto Casino

Quote from: rat03gopoh on February 10, 2023, 11:38:46 AM

Attacks don't happen automatically (app will be installed after download). Afaik, android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app, then the attack begins.

That's correct, you need to execute the file by double clicking on it so it can download the payload. You need to be very cautious and check the extension of the file before opening it. In this example, it's supposed to be a word text file so it's supposed to end with .doc or .docx not .word.exe

rat03gopoh

hero member

Activity: 2212

Merit: 670

Signature designer - start @$10 - PM me!

Quote from: cryptoaddictchie on February 10, 2023, 04:41:37 AM

Thanks for warning us. Meaning even just by opening the file from the email it could start downloading already and chance to steal your crypto from an app or software wallets?

Attacks don't happen automatically (app will be installed after download). Afaik, android also has a default setting to prevent app installation from outside the store. The attacker has to make every pretext in the first file sent with the .txt extension so that the victim disables security and installs the app, then the attack begins.

Woodie

hero member

Activity: 1834

Merit: 879

Rollbit.com ⚔️Crypto Futures

With how crafty people are becoming just to score some free coins, I think the best practice to protect our data and crypto coins is not to open any attachments from email addresses that are unfamiliar/unknown to us.
With techniques such as steganography, sometimes its not so obvious what's behind an attachment...

This reminds me, google drive seems to be another place these guys are really trying to explore by sending out messages that have these macros scripts that auto run once their link in the message is opened on a pc starts to copy out private keys and the alike...we really need t be careful out here in the digital space.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: cryptoaddictchie on February 10, 2023, 04:41:37 AM

Thanks for warning us. Meaning even just by opening the file from the email it could start downloading already and chance to steal your crypto from an app or software wallets?

If you open the exe file and install that malicious program, then without any doubt you have infected your device and enabled the attacker to do the final stage, which consists of collecting all the important information you store on the computer and sending it to the hacker. Just opening any e-mail will not do any harm, although some e-mail providers/clients will not even allow sending exe files precisely to prevent the possibility of malicious attacks.

348Judah

hero member

Activity: 714

Merit: 521

If people can yield to the warnings and instructions always given from here that the device you use handling your wallet through should not be the one you use often for browsing or tht is connected to the internet, using a wallet like electrum should be on an airgapped device not connected to the internet to avoid any form of malicious attack that might be inteded on stealing our password or other login details or wallet keys.

cryptoaddictchie

legendary

Activity: 2268

Merit: 1379

Fully Regulated Crypto Casino

Thanks for warning us. Meaning even just by opening the file from the email it could start downloading already and chance to steal your crypto from an app or software wallets?

Dave1

hero member

Activity: 1414

Merit: 542

A new info stealer is being released by Russian threat actors in the wild that uses fake crypto related jobs offerings.

Here is the attack chain:

So they will send 2 files on the pretext that they are looking for someone and hire them.

a. Interview questions.txt
b. Interview conditions.word.exe - so this is the first attack as it contains the loader. So once it is installed on your machine, and it will download the second pay loader.

The 3rd and final stage is the Enigma Stealer

Quote

Enigma targets system information, tokens, and passwords stored in web browsers like Google Chrome, Microsoft Edge, Opera, and more. Additionally, it targets data stored in Microsoft Outlook, Telegram, Signal, OpenVPN, and other apps.

So if you received some emails, then do not open specially if you used your machine for your crypto activity as it might stole all your info like logins, passwords.

https://www.trendmicro.com/en_us/research/23/b/enigma-stealer-targets-cryptocurrency-industry-with-fake-jobs.html

Topic: [Warning]: Enigma Info stealer (Read 84 times)